PT-2023-6699 · Dmidecode+7
Published: 2023-03-14 · Updated: 2025-03-04
CVE-2023-30630
CVSS v3.1: 7.1 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Dmidecode versions prior to 3.5
Description
The issue stems from insecure privilege management in the Dmidecode utility on Linux and can allow an attacker to elevate their privileges. The problem arises because Dmidecode's --dump-bin option can overwrite a local file, which has security implications, especially when Dmidecode is executed via Sudo.
Recommendations
For versions prior to 3.5, update to version 3.5 or later to resolve the issue.
As a temporary workaround, consider restricting the execution of Dmidecode via Sudo to minimize the risk of exploitation.
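One way to audit a host for the two conditions described above (a release before 3.5, and Sudo rules that leave --dump-bin reachable), as an added example that is not part of the original advisory. The function names and the sudoers sample are constructed for illustration, and the parser is a simplified reading of sudoers syntax.

```python
import re

FIXED = (3, 5)  # first fixed release named in the advisory

def is_vulnerable(version_output):
    """True when `dmidecode --version` output names a release before 3.5."""
    m = re.search(r"(\d+)\.(\d+)", version_output)
    if not m:
        raise ValueError(f"unrecognised version output: {version_output!r}")
    return (int(m.group(1)), int(m.group(2))) < FIXED

def dmidecode_sudo_rules(sudoers_text):
    """Return (verdict, command) for every sudoers command naming dmidecode."""
    # Simplified: ignores commas inside Runas lists and escaped commas.
    findings = []
    text = sudoers_text.replace("\\\n", " ")  # join backslash-continued lines
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "@", "Defaults")) or "=" not in line:
            continue
        for cmd in line.split("=", 1)[1].split(","):
            # Drop a Runas spec such as (root) and tags such as NOPASSWD:
            cmd = re.sub(r"^\s*(\([^)]*\)\s*)?([A-Z_]+:\s*)*", "", cmd).strip()
            parts = cmd.split(None, 1)
            if not parts or not parts[0].endswith("/dmidecode"):
                continue
            args = parts[1] if len(parts) > 1 else None
            if args is None:
                verdict = "RISK: any argument allowed, including --dump-bin"
            elif args == '""':
                verdict = "restricted: no arguments allowed"
            elif re.search(r"[*?\[]|dump-bin", args):
                verdict = "RISK: --dump-bin reachable"
            else:
                verdict = "restricted: fixed arguments without --dump-bin"
            findings.append((verdict, cmd))
    return findings

SAMPLE_SUDOERS = """\
# constructed sample, not taken from a real host
Defaults env_reset
alice ALL=(root) NOPASSWD: /usr/sbin/dmidecode
bob   ALL=(root) /usr/sbin/dmidecode -t system, \\
      /usr/bin/lsblk
Cmnd_Alias HWINFO = /usr/sbin/dmidecode ""
"""

if __name__ == "__main__":
    print(*dmidecode_sudo_rules(SAMPLE_SUDOERS), sep="\n")
```

On a real host, pass the output of `dmidecode --version` to `is_vulnerable` and the contents of the sudoers files to `dmidecode_sudo_rules`; rules marked RISK are the ones to tighten until the update to 3.5 or later is applied.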
Exploit
Fix
Relative Path Traversal
Improper Privilege Management
Affected products
Almalinux
Centos
Debian
Dmidecode
Red Hat
Red Os
Rocky Linux
Suse